Add more test cases

egregius313 · egregius313 · commit 6455e1893d52 · 2023-12-21T22:48:08.000-05:00
diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java b/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java
@@ -14,7 +14,16 @@ void hashing() throws NoSuchAlgorithmException, IOException {
         // BAD: Using a weak hashing algorithm
         MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1"));
 
+        // BAD: Using a weak hashing algorithm even with a secure default
+        MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256"));
+        
         // GOOD: Using a strong hashing algorithm
         MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));
+
+        // OK: Using a strong hashing algorithm even with a weak default
+        MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5"));
+
+        // OK: Property does not exist and default is secure
+        MessageDigest ok3 = MessageDigest.getInstance(props.getProperty("hashAlg3", "SHA-256"));
     }
 }
